Major Data Breaches Impact Millions on December 1, 2025

In a troubling turn of events, South Korea's largest e-commerce platform, Coupang, confirmed a massive data breach affecting nearly 34 million customers. The breach appears to stem from an insider threat involving a former employee, resulting in the compromise of names, email addresses, and other personal details, though payment information remains secure. Meanwhile, credit verification service 700Credit disclosed a breach impacting over 5.6 million individuals, due to a faulty API connection that allowed attackers to access sensitive data, including Social Security numbers and addresses, from May through October 2025.

Also In Security Today

University of Phoenix Breach: The University of Phoenix reported unauthorized access to personal records affecting 3.5 million individuals, linked to the exploitation of vulnerability CVE-2025-61882 in Oracle's E-Business Suite.

BRICKSTORM Malware Threat: CISA and NSA issued a joint alert regarding ongoing attacks involving BRICKSTORM malware, attributed to Chinese state-sponsored actors targeting government and IT organizations for credential theft and long-term access.

Crisis24 Cyberattack: Crisis24 faced a cyberattack that disrupted nationwide notification systems in the U.S., exposing personal data, including login credentials of affected agencies and residents.

Analyst's Take

Today's incidents underline a disconcerting trend of increasing sophistication in cyberattacks, driven by both insider threats and advanced malware. Organizations must prioritize robust access controls and vigilant monitoring to mitigate risks. The breaches at Coupang and 700Credit highlight the critical need for comprehensive API security and insider threat programs. As attackers become more innovative, cyber defenders should reinforce their defenses and prepare response protocols to minimize the impact of such breaches.